DOD Needs Industry’s Help to Catch Cyber Attacks, Commander Says

WASHINGTON, March 27, 2012 — The Defense Depart­ment needs pri­vate-sec­tor coop­er­a­tion in report­ing com­put­er net­work attacks in real time to stop what has been the “great­est trans­fer of wealth in his­to­ry” that U.S. com­pa­nies lose to for­eign hack­ers, the head of U.S. Cyber Com­mand told a Sen­ate com­mit­tee today.

Army Gen. Kei­th B. Alexan­der, who also is the Nation­al Secu­ri­ty Agency direc­tor, told the Sen­ate Armed Ser­vices Com­mit­tee that he sup­ports leg­is­la­tion that would require pri­vate com­pa­nies to report attacks, and added that such report­ing needs to hap­pen before an attack is com­plete.

“We need to see the attack,” he said. “If we can’t see the attack, we can’t stop it. We have to have the abil­i­ty to work with indus­try — our part­ners — so that when they are attacked, they can share that with us imme­di­ate­ly.”

Many cyber defense bills have stalled in Con­gress over con­cerns about pri­va­cy, over­reg­u­la­tion and the military’s role in cyber pro­tec­tion, Alexan­der and the sen­a­tors not­ed.

The gen­er­al com­pared the cur­rent sit­u­a­tion, where DOD com­put­ers receive some 6 mil­lion threat­en­ing probes each day, to a mis­sile being fired into U.S. air­space with no radars to see it. “Today, we’re in the foren­sics mode,” he said. “When an attack occurs, we’re told about it after the fact.”

Alexan­der added, though, that indus­try should be mon­i­tor­ing their own sys­tems with help from Cyber Com­mand and the Depart­ment of Home­land Secu­ri­ty. “I do not believe we want the NSA or Cyber Com­mand or the mil­i­tary in our net­works, watch­ing it,” he said.

Alexan­der explained the fed­er­al part­ner­ship of U.S. cyber secu­ri­ty as one in which Home­land Secu­ri­ty leads in cre­at­ing the infra­struc­ture to pro­tect U.S. inter­ests, Cyber Com­mand defends against attacks, FBI con­ducts crim­i­nal inves­ti­ga­tions, and the intel­li­gence com­mu­ni­ty gath­ers over­seas infor­ma­tion that could indi­cate attacks.

“Cyber is a team sport,” he said. “It is increas­ing­ly crit­i­cal to our nation­al and eco­nom­ic secu­ri­ty. … The theft of intel­lec­tu­al prop­er­ty is astound­ing.”

The Defense Department’s request of $3.4 bil­lion for Cyber Com­mand in fis­cal 2013 is one of the few areas of growth in the DOD bud­get, sen­a­tors not­ed. The com­mand has made progress toward its goals of mak­ing cyber space safer, main­tain­ing free­dom of move­ment there, and defend­ing the vital inter­ests of the Unit­ed States and its allies, Alexan­der said. The com­mand also is work­ing toward par­ing down the department’s 15,000 sep­a­rate net­works, he said.

Cyber threats from nations — with the most orig­i­nat­ing in Chi­na — and non-state actors is grow­ing, Alexan­der said.

“It is increas­ing­ly like­ly, as we move for­ward, that any attack on the U.S. will include a cyber attack,” he said. “These are threats the nation can­not ignore. What we see … under­scores the imper­a­tive to act now.”

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)